// <copyright file="CertificateAuthSTS.cs" company="SharpSTS">
// Copyright (c) 2007, 2008 All Right Reserved, http://sharpsts.com/
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
// </copyright>
// <author>Barry Dorrans</author>
// <email>barryd@idunno.org</email>
// <date>2008-06-14</date>
// <summary>Implements a WsTrustResponder supporting Certificate Authentication.</summary>

namespace SharpSTS
{
    using System.ServiceModel;
    using Providers;

    /// <summary>
    /// Implements a <see cref="WsTrustResponder"/> supporting Certificate Authentication.
    /// </summary>
    [ServiceBehavior(Namespace = Constants.WSTrust.Namespace.Uri)]
    internal sealed class CertificateAuthSTS : WsTrustResponder
    {
        /// <summary>
        /// Validate the specified card identifier and version against the endpoint specific authentication information.
        /// </summary>
        /// <param name="cardId">The card identitifer for the current request.</param>
        /// <param name="cardVersion">The card version for the current request.</param>
        /// <returns>
        /// True if the current authenticated user is authorised to use the specified card identitifer and version.
        /// </returns>
        /// <remarks>An STS instance must implement a suitable authorization process customised to their authentication strategy.</remarks>
        protected override bool AuthoriseCardUse(string cardId, int cardVersion)
        {
            return true;
        }

        /// <summary>
        /// Gets the user identifier from card identifier.
        /// </summary>
        /// <param name="cardID">The card ID.</param>
        /// <returns>A user identifier.</returns>
        protected override object GetUserIdentifierFromCardId(string cardID)
        {
            return AuthorisationPolicyManager.GetUserIdFromCardId(cardID, AuthenticationType.Certificate);
        }
    }
}